1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_QUERY_INTERVAL (125*HZ) 111 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 112 113 #define IGMP_INITIAL_REPORT_DELAY (1) 114 115 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 116 * IGMP specs require to report membership immediately after 117 * joining a group, but we delay the first report by a 118 * small interval. It seems more natural and still does not 119 * contradict to specs provided this delay is small enough. 120 */ 121 122 #define IGMP_V1_SEEN(in_dev) \ 123 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 124 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 125 ((in_dev)->mr_v1_seen && \ 126 time_before(jiffies, (in_dev)->mr_v1_seen))) 127 #define IGMP_V2_SEEN(in_dev) \ 128 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 129 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 130 ((in_dev)->mr_v2_seen && \ 131 time_before(jiffies, (in_dev)->mr_v2_seen))) 132 133 static int unsolicited_report_interval(struct in_device *in_dev) 134 { 135 int interval_ms, interval_jiffies; 136 137 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 138 interval_ms = IN_DEV_CONF_GET( 139 in_dev, 140 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 141 else /* v3 */ 142 interval_ms = IN_DEV_CONF_GET( 143 in_dev, 144 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 145 146 interval_jiffies = msecs_to_jiffies(interval_ms); 147 148 /* _timer functions can't handle a delay of 0 jiffies so ensure 149 * we always return a positive value. 150 */ 151 if (interval_jiffies <= 0) 152 interval_jiffies = 1; 153 return interval_jiffies; 154 } 155 156 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 157 gfp_t gfp); 158 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 159 static void igmpv3_clear_delrec(struct in_device *in_dev); 160 static int sf_setstate(struct ip_mc_list *pmc); 161 static void sf_markstate(struct ip_mc_list *pmc); 162 #endif 163 static void ip_mc_clear_src(struct ip_mc_list *pmc); 164 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 165 int sfcount, __be32 *psfsrc, int delta); 166 167 static void ip_ma_put(struct ip_mc_list *im) 168 { 169 if (refcount_dec_and_test(&im->refcnt)) { 170 in_dev_put(im->interface); 171 kfree_rcu(im, rcu); 172 } 173 } 174 175 #define for_each_pmc_rcu(in_dev, pmc) \ 176 for (pmc = rcu_dereference(in_dev->mc_list); \ 177 pmc != NULL; \ 178 pmc = rcu_dereference(pmc->next_rcu)) 179 180 #define for_each_pmc_rtnl(in_dev, pmc) \ 181 for (pmc = rtnl_dereference(in_dev->mc_list); \ 182 pmc != NULL; \ 183 pmc = rtnl_dereference(pmc->next_rcu)) 184 185 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 186 { 187 struct ip_sf_list *next; 188 189 while (psf) { 190 next = psf->sf_next; 191 kfree(psf); 192 psf = next; 193 } 194 } 195 196 #ifdef CONFIG_IP_MULTICAST 197 198 /* 199 * Timer management 200 */ 201 202 static void igmp_stop_timer(struct ip_mc_list *im) 203 { 204 spin_lock_bh(&im->lock); 205 if (del_timer(&im->timer)) 206 refcount_dec(&im->refcnt); 207 im->tm_running = 0; 208 im->reporter = 0; 209 im->unsolicit_count = 0; 210 spin_unlock_bh(&im->lock); 211 } 212 213 /* It must be called with locked im->lock */ 214 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 215 { 216 int tv = get_random_u32_below(max_delay); 217 218 im->tm_running = 1; 219 if (!mod_timer(&im->timer, jiffies+tv+2)) 220 refcount_inc(&im->refcnt); 221 } 222 223 static void igmp_gq_start_timer(struct in_device *in_dev) 224 { 225 int tv = get_random_u32_below(in_dev->mr_maxdelay); 226 unsigned long exp = jiffies + tv + 2; 227 228 if (in_dev->mr_gq_running && 229 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 230 return; 231 232 in_dev->mr_gq_running = 1; 233 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 234 in_dev_hold(in_dev); 235 } 236 237 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 238 { 239 int tv = get_random_u32_below(delay); 240 241 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 242 in_dev_hold(in_dev); 243 } 244 245 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 246 { 247 spin_lock_bh(&im->lock); 248 im->unsolicit_count = 0; 249 if (del_timer(&im->timer)) { 250 if ((long)(im->timer.expires-jiffies) < max_delay) { 251 add_timer(&im->timer); 252 im->tm_running = 1; 253 spin_unlock_bh(&im->lock); 254 return; 255 } 256 refcount_dec(&im->refcnt); 257 } 258 igmp_start_timer(im, max_delay); 259 spin_unlock_bh(&im->lock); 260 } 261 262 263 /* 264 * Send an IGMP report. 265 */ 266 267 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 268 269 270 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 271 int gdeleted, int sdeleted) 272 { 273 switch (type) { 274 case IGMPV3_MODE_IS_INCLUDE: 275 case IGMPV3_MODE_IS_EXCLUDE: 276 if (gdeleted || sdeleted) 277 return 0; 278 if (!(pmc->gsquery && !psf->sf_gsresp)) { 279 if (pmc->sfmode == MCAST_INCLUDE) 280 return 1; 281 /* don't include if this source is excluded 282 * in all filters 283 */ 284 if (psf->sf_count[MCAST_INCLUDE]) 285 return type == IGMPV3_MODE_IS_INCLUDE; 286 return pmc->sfcount[MCAST_EXCLUDE] == 287 psf->sf_count[MCAST_EXCLUDE]; 288 } 289 return 0; 290 case IGMPV3_CHANGE_TO_INCLUDE: 291 if (gdeleted || sdeleted) 292 return 0; 293 return psf->sf_count[MCAST_INCLUDE] != 0; 294 case IGMPV3_CHANGE_TO_EXCLUDE: 295 if (gdeleted || sdeleted) 296 return 0; 297 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 298 psf->sf_count[MCAST_INCLUDE]) 299 return 0; 300 return pmc->sfcount[MCAST_EXCLUDE] == 301 psf->sf_count[MCAST_EXCLUDE]; 302 case IGMPV3_ALLOW_NEW_SOURCES: 303 if (gdeleted || !psf->sf_crcount) 304 return 0; 305 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 306 case IGMPV3_BLOCK_OLD_SOURCES: 307 if (pmc->sfmode == MCAST_INCLUDE) 308 return gdeleted || (psf->sf_crcount && sdeleted); 309 return psf->sf_crcount && !gdeleted && !sdeleted; 310 } 311 return 0; 312 } 313 314 static int 315 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 316 { 317 struct ip_sf_list *psf; 318 int scount = 0; 319 320 for (psf = pmc->sources; psf; psf = psf->sf_next) { 321 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 322 continue; 323 scount++; 324 } 325 return scount; 326 } 327 328 /* source address selection per RFC 3376 section 4.2.13 */ 329 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 330 const struct flowi4 *fl4) 331 { 332 struct in_device *in_dev = __in_dev_get_rcu(dev); 333 const struct in_ifaddr *ifa; 334 335 if (!in_dev) 336 return htonl(INADDR_ANY); 337 338 in_dev_for_each_ifa_rcu(ifa, in_dev) { 339 if (fl4->saddr == ifa->ifa_local) 340 return fl4->saddr; 341 } 342 343 return htonl(INADDR_ANY); 344 } 345 346 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 347 { 348 struct sk_buff *skb; 349 struct rtable *rt; 350 struct iphdr *pip; 351 struct igmpv3_report *pig; 352 struct net *net = dev_net(dev); 353 struct flowi4 fl4; 354 int hlen = LL_RESERVED_SPACE(dev); 355 int tlen = dev->needed_tailroom; 356 unsigned int size; 357 358 size = min(mtu, IP_MAX_MTU); 359 while (1) { 360 skb = alloc_skb(size + hlen + tlen, 361 GFP_ATOMIC | __GFP_NOWARN); 362 if (skb) 363 break; 364 size >>= 1; 365 if (size < 256) 366 return NULL; 367 } 368 skb->priority = TC_PRIO_CONTROL; 369 370 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 371 0, 0, 372 IPPROTO_IGMP, 0, dev->ifindex); 373 if (IS_ERR(rt)) { 374 kfree_skb(skb); 375 return NULL; 376 } 377 378 skb_dst_set(skb, &rt->dst); 379 skb->dev = dev; 380 381 skb_reserve(skb, hlen); 382 skb_tailroom_reserve(skb, mtu, tlen); 383 384 skb_reset_network_header(skb); 385 pip = ip_hdr(skb); 386 skb_put(skb, sizeof(struct iphdr) + 4); 387 388 pip->version = 4; 389 pip->ihl = (sizeof(struct iphdr)+4)>>2; 390 pip->tos = 0xc0; 391 pip->frag_off = htons(IP_DF); 392 pip->ttl = 1; 393 pip->daddr = fl4.daddr; 394 395 rcu_read_lock(); 396 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 397 rcu_read_unlock(); 398 399 pip->protocol = IPPROTO_IGMP; 400 pip->tot_len = 0; /* filled in later */ 401 ip_select_ident(net, skb, NULL); 402 ((u8 *)&pip[1])[0] = IPOPT_RA; 403 ((u8 *)&pip[1])[1] = 4; 404 ((u8 *)&pip[1])[2] = 0; 405 ((u8 *)&pip[1])[3] = 0; 406 407 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 408 skb_put(skb, sizeof(*pig)); 409 pig = igmpv3_report_hdr(skb); 410 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 411 pig->resv1 = 0; 412 pig->csum = 0; 413 pig->resv2 = 0; 414 pig->ngrec = 0; 415 return skb; 416 } 417 418 static int igmpv3_sendpack(struct sk_buff *skb) 419 { 420 struct igmphdr *pig = igmp_hdr(skb); 421 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 422 423 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 424 425 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 426 } 427 428 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 429 { 430 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 431 } 432 433 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 434 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 435 { 436 struct net_device *dev = pmc->interface->dev; 437 struct igmpv3_report *pih; 438 struct igmpv3_grec *pgr; 439 440 if (!skb) { 441 skb = igmpv3_newpack(dev, mtu); 442 if (!skb) 443 return NULL; 444 } 445 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 446 pgr->grec_type = type; 447 pgr->grec_auxwords = 0; 448 pgr->grec_nsrcs = 0; 449 pgr->grec_mca = pmc->multiaddr; 450 pih = igmpv3_report_hdr(skb); 451 pih->ngrec = htons(ntohs(pih->ngrec)+1); 452 *ppgr = pgr; 453 return skb; 454 } 455 456 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 457 458 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 459 int type, int gdeleted, int sdeleted) 460 { 461 struct net_device *dev = pmc->interface->dev; 462 struct net *net = dev_net(dev); 463 struct igmpv3_report *pih; 464 struct igmpv3_grec *pgr = NULL; 465 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 466 int scount, stotal, first, isquery, truncate; 467 unsigned int mtu; 468 469 if (pmc->multiaddr == IGMP_ALL_HOSTS) 470 return skb; 471 if (ipv4_is_local_multicast(pmc->multiaddr) && 472 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 473 return skb; 474 475 mtu = READ_ONCE(dev->mtu); 476 if (mtu < IPV4_MIN_MTU) 477 return skb; 478 479 isquery = type == IGMPV3_MODE_IS_INCLUDE || 480 type == IGMPV3_MODE_IS_EXCLUDE; 481 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 482 type == IGMPV3_CHANGE_TO_EXCLUDE; 483 484 stotal = scount = 0; 485 486 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 487 488 if (!*psf_list) 489 goto empty_source; 490 491 pih = skb ? igmpv3_report_hdr(skb) : NULL; 492 493 /* EX and TO_EX get a fresh packet, if needed */ 494 if (truncate) { 495 if (pih && pih->ngrec && 496 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 497 if (skb) 498 igmpv3_sendpack(skb); 499 skb = igmpv3_newpack(dev, mtu); 500 } 501 } 502 first = 1; 503 psf_prev = NULL; 504 for (psf = *psf_list; psf; psf = psf_next) { 505 __be32 *psrc; 506 507 psf_next = psf->sf_next; 508 509 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 510 psf_prev = psf; 511 continue; 512 } 513 514 /* Based on RFC3376 5.1. Should not send source-list change 515 * records when there is a filter mode change. 516 */ 517 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 518 (!gdeleted && pmc->crcount)) && 519 (type == IGMPV3_ALLOW_NEW_SOURCES || 520 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 521 goto decrease_sf_crcount; 522 523 /* clear marks on query responses */ 524 if (isquery) 525 psf->sf_gsresp = 0; 526 527 if (AVAILABLE(skb) < sizeof(__be32) + 528 first*sizeof(struct igmpv3_grec)) { 529 if (truncate && !first) 530 break; /* truncate these */ 531 if (pgr) 532 pgr->grec_nsrcs = htons(scount); 533 if (skb) 534 igmpv3_sendpack(skb); 535 skb = igmpv3_newpack(dev, mtu); 536 first = 1; 537 scount = 0; 538 } 539 if (first) { 540 skb = add_grhead(skb, pmc, type, &pgr, mtu); 541 first = 0; 542 } 543 if (!skb) 544 return NULL; 545 psrc = skb_put(skb, sizeof(__be32)); 546 *psrc = psf->sf_inaddr; 547 scount++; stotal++; 548 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 549 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 550 decrease_sf_crcount: 551 psf->sf_crcount--; 552 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 553 if (psf_prev) 554 psf_prev->sf_next = psf->sf_next; 555 else 556 *psf_list = psf->sf_next; 557 kfree(psf); 558 continue; 559 } 560 } 561 psf_prev = psf; 562 } 563 564 empty_source: 565 if (!stotal) { 566 if (type == IGMPV3_ALLOW_NEW_SOURCES || 567 type == IGMPV3_BLOCK_OLD_SOURCES) 568 return skb; 569 if (pmc->crcount || isquery) { 570 /* make sure we have room for group header */ 571 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 572 igmpv3_sendpack(skb); 573 skb = NULL; /* add_grhead will get a new one */ 574 } 575 skb = add_grhead(skb, pmc, type, &pgr, mtu); 576 } 577 } 578 if (pgr) 579 pgr->grec_nsrcs = htons(scount); 580 581 if (isquery) 582 pmc->gsquery = 0; /* clear query state on report */ 583 return skb; 584 } 585 586 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 587 { 588 struct sk_buff *skb = NULL; 589 struct net *net = dev_net(in_dev->dev); 590 int type; 591 592 if (!pmc) { 593 rcu_read_lock(); 594 for_each_pmc_rcu(in_dev, pmc) { 595 if (pmc->multiaddr == IGMP_ALL_HOSTS) 596 continue; 597 if (ipv4_is_local_multicast(pmc->multiaddr) && 598 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 599 continue; 600 spin_lock_bh(&pmc->lock); 601 if (pmc->sfcount[MCAST_EXCLUDE]) 602 type = IGMPV3_MODE_IS_EXCLUDE; 603 else 604 type = IGMPV3_MODE_IS_INCLUDE; 605 skb = add_grec(skb, pmc, type, 0, 0); 606 spin_unlock_bh(&pmc->lock); 607 } 608 rcu_read_unlock(); 609 } else { 610 spin_lock_bh(&pmc->lock); 611 if (pmc->sfcount[MCAST_EXCLUDE]) 612 type = IGMPV3_MODE_IS_EXCLUDE; 613 else 614 type = IGMPV3_MODE_IS_INCLUDE; 615 skb = add_grec(skb, pmc, type, 0, 0); 616 spin_unlock_bh(&pmc->lock); 617 } 618 if (!skb) 619 return 0; 620 return igmpv3_sendpack(skb); 621 } 622 623 /* 624 * remove zero-count source records from a source filter list 625 */ 626 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 627 { 628 struct ip_sf_list *psf_prev, *psf_next, *psf; 629 630 psf_prev = NULL; 631 for (psf = *ppsf; psf; psf = psf_next) { 632 psf_next = psf->sf_next; 633 if (psf->sf_crcount == 0) { 634 if (psf_prev) 635 psf_prev->sf_next = psf->sf_next; 636 else 637 *ppsf = psf->sf_next; 638 kfree(psf); 639 } else 640 psf_prev = psf; 641 } 642 } 643 644 static void kfree_pmc(struct ip_mc_list *pmc) 645 { 646 ip_sf_list_clear_all(pmc->sources); 647 ip_sf_list_clear_all(pmc->tomb); 648 kfree(pmc); 649 } 650 651 static void igmpv3_send_cr(struct in_device *in_dev) 652 { 653 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 654 struct sk_buff *skb = NULL; 655 int type, dtype; 656 657 rcu_read_lock(); 658 spin_lock_bh(&in_dev->mc_tomb_lock); 659 660 /* deleted MCA's */ 661 pmc_prev = NULL; 662 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 663 pmc_next = pmc->next; 664 if (pmc->sfmode == MCAST_INCLUDE) { 665 type = IGMPV3_BLOCK_OLD_SOURCES; 666 dtype = IGMPV3_BLOCK_OLD_SOURCES; 667 skb = add_grec(skb, pmc, type, 1, 0); 668 skb = add_grec(skb, pmc, dtype, 1, 1); 669 } 670 if (pmc->crcount) { 671 if (pmc->sfmode == MCAST_EXCLUDE) { 672 type = IGMPV3_CHANGE_TO_INCLUDE; 673 skb = add_grec(skb, pmc, type, 1, 0); 674 } 675 pmc->crcount--; 676 if (pmc->crcount == 0) { 677 igmpv3_clear_zeros(&pmc->tomb); 678 igmpv3_clear_zeros(&pmc->sources); 679 } 680 } 681 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 682 if (pmc_prev) 683 pmc_prev->next = pmc_next; 684 else 685 in_dev->mc_tomb = pmc_next; 686 in_dev_put(pmc->interface); 687 kfree_pmc(pmc); 688 } else 689 pmc_prev = pmc; 690 } 691 spin_unlock_bh(&in_dev->mc_tomb_lock); 692 693 /* change recs */ 694 for_each_pmc_rcu(in_dev, pmc) { 695 spin_lock_bh(&pmc->lock); 696 if (pmc->sfcount[MCAST_EXCLUDE]) { 697 type = IGMPV3_BLOCK_OLD_SOURCES; 698 dtype = IGMPV3_ALLOW_NEW_SOURCES; 699 } else { 700 type = IGMPV3_ALLOW_NEW_SOURCES; 701 dtype = IGMPV3_BLOCK_OLD_SOURCES; 702 } 703 skb = add_grec(skb, pmc, type, 0, 0); 704 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 705 706 /* filter mode changes */ 707 if (pmc->crcount) { 708 if (pmc->sfmode == MCAST_EXCLUDE) 709 type = IGMPV3_CHANGE_TO_EXCLUDE; 710 else 711 type = IGMPV3_CHANGE_TO_INCLUDE; 712 skb = add_grec(skb, pmc, type, 0, 0); 713 pmc->crcount--; 714 } 715 spin_unlock_bh(&pmc->lock); 716 } 717 rcu_read_unlock(); 718 719 if (!skb) 720 return; 721 (void) igmpv3_sendpack(skb); 722 } 723 724 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 725 int type) 726 { 727 struct sk_buff *skb; 728 struct iphdr *iph; 729 struct igmphdr *ih; 730 struct rtable *rt; 731 struct net_device *dev = in_dev->dev; 732 struct net *net = dev_net(dev); 733 __be32 group = pmc ? pmc->multiaddr : 0; 734 struct flowi4 fl4; 735 __be32 dst; 736 int hlen, tlen; 737 738 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 739 return igmpv3_send_report(in_dev, pmc); 740 741 if (ipv4_is_local_multicast(group) && 742 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 743 return 0; 744 745 if (type == IGMP_HOST_LEAVE_MESSAGE) 746 dst = IGMP_ALL_ROUTER; 747 else 748 dst = group; 749 750 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 751 0, 0, 752 IPPROTO_IGMP, 0, dev->ifindex); 753 if (IS_ERR(rt)) 754 return -1; 755 756 hlen = LL_RESERVED_SPACE(dev); 757 tlen = dev->needed_tailroom; 758 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 759 if (!skb) { 760 ip_rt_put(rt); 761 return -1; 762 } 763 skb->priority = TC_PRIO_CONTROL; 764 765 skb_dst_set(skb, &rt->dst); 766 767 skb_reserve(skb, hlen); 768 769 skb_reset_network_header(skb); 770 iph = ip_hdr(skb); 771 skb_put(skb, sizeof(struct iphdr) + 4); 772 773 iph->version = 4; 774 iph->ihl = (sizeof(struct iphdr)+4)>>2; 775 iph->tos = 0xc0; 776 iph->frag_off = htons(IP_DF); 777 iph->ttl = 1; 778 iph->daddr = dst; 779 iph->saddr = fl4.saddr; 780 iph->protocol = IPPROTO_IGMP; 781 ip_select_ident(net, skb, NULL); 782 ((u8 *)&iph[1])[0] = IPOPT_RA; 783 ((u8 *)&iph[1])[1] = 4; 784 ((u8 *)&iph[1])[2] = 0; 785 ((u8 *)&iph[1])[3] = 0; 786 787 ih = skb_put(skb, sizeof(struct igmphdr)); 788 ih->type = type; 789 ih->code = 0; 790 ih->csum = 0; 791 ih->group = group; 792 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 793 794 return ip_local_out(net, skb->sk, skb); 795 } 796 797 static void igmp_gq_timer_expire(struct timer_list *t) 798 { 799 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 800 801 in_dev->mr_gq_running = 0; 802 igmpv3_send_report(in_dev, NULL); 803 in_dev_put(in_dev); 804 } 805 806 static void igmp_ifc_timer_expire(struct timer_list *t) 807 { 808 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 809 u32 mr_ifc_count; 810 811 igmpv3_send_cr(in_dev); 812 restart: 813 mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count); 814 815 if (mr_ifc_count) { 816 if (cmpxchg(&in_dev->mr_ifc_count, 817 mr_ifc_count, 818 mr_ifc_count - 1) != mr_ifc_count) 819 goto restart; 820 igmp_ifc_start_timer(in_dev, 821 unsolicited_report_interval(in_dev)); 822 } 823 in_dev_put(in_dev); 824 } 825 826 static void igmp_ifc_event(struct in_device *in_dev) 827 { 828 struct net *net = dev_net(in_dev->dev); 829 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 830 return; 831 WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)); 832 igmp_ifc_start_timer(in_dev, 1); 833 } 834 835 836 static void igmp_timer_expire(struct timer_list *t) 837 { 838 struct ip_mc_list *im = from_timer(im, t, timer); 839 struct in_device *in_dev = im->interface; 840 841 spin_lock(&im->lock); 842 im->tm_running = 0; 843 844 if (im->unsolicit_count && --im->unsolicit_count) 845 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 846 847 im->reporter = 1; 848 spin_unlock(&im->lock); 849 850 if (IGMP_V1_SEEN(in_dev)) 851 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 852 else if (IGMP_V2_SEEN(in_dev)) 853 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 854 else 855 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 856 857 ip_ma_put(im); 858 } 859 860 /* mark EXCLUDE-mode sources */ 861 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 862 { 863 struct ip_sf_list *psf; 864 int i, scount; 865 866 scount = 0; 867 for (psf = pmc->sources; psf; psf = psf->sf_next) { 868 if (scount == nsrcs) 869 break; 870 for (i = 0; i < nsrcs; i++) { 871 /* skip inactive filters */ 872 if (psf->sf_count[MCAST_INCLUDE] || 873 pmc->sfcount[MCAST_EXCLUDE] != 874 psf->sf_count[MCAST_EXCLUDE]) 875 break; 876 if (srcs[i] == psf->sf_inaddr) { 877 scount++; 878 break; 879 } 880 } 881 } 882 pmc->gsquery = 0; 883 if (scount == nsrcs) /* all sources excluded */ 884 return 0; 885 return 1; 886 } 887 888 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 889 { 890 struct ip_sf_list *psf; 891 int i, scount; 892 893 if (pmc->sfmode == MCAST_EXCLUDE) 894 return igmp_xmarksources(pmc, nsrcs, srcs); 895 896 /* mark INCLUDE-mode sources */ 897 scount = 0; 898 for (psf = pmc->sources; psf; psf = psf->sf_next) { 899 if (scount == nsrcs) 900 break; 901 for (i = 0; i < nsrcs; i++) 902 if (srcs[i] == psf->sf_inaddr) { 903 psf->sf_gsresp = 1; 904 scount++; 905 break; 906 } 907 } 908 if (!scount) { 909 pmc->gsquery = 0; 910 return 0; 911 } 912 pmc->gsquery = 1; 913 return 1; 914 } 915 916 /* return true if packet was dropped */ 917 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 918 { 919 struct ip_mc_list *im; 920 struct net *net = dev_net(in_dev->dev); 921 922 /* Timers are only set for non-local groups */ 923 924 if (group == IGMP_ALL_HOSTS) 925 return false; 926 if (ipv4_is_local_multicast(group) && 927 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 928 return false; 929 930 rcu_read_lock(); 931 for_each_pmc_rcu(in_dev, im) { 932 if (im->multiaddr == group) { 933 igmp_stop_timer(im); 934 break; 935 } 936 } 937 rcu_read_unlock(); 938 return false; 939 } 940 941 /* return true if packet was dropped */ 942 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 943 int len) 944 { 945 struct igmphdr *ih = igmp_hdr(skb); 946 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 947 struct ip_mc_list *im; 948 __be32 group = ih->group; 949 int max_delay; 950 int mark = 0; 951 struct net *net = dev_net(in_dev->dev); 952 953 954 if (len == 8) { 955 if (ih->code == 0) { 956 /* Alas, old v1 router presents here. */ 957 958 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 959 in_dev->mr_v1_seen = jiffies + 960 (in_dev->mr_qrv * in_dev->mr_qi) + 961 in_dev->mr_qri; 962 group = 0; 963 } else { 964 /* v2 router present */ 965 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 966 in_dev->mr_v2_seen = jiffies + 967 (in_dev->mr_qrv * in_dev->mr_qi) + 968 in_dev->mr_qri; 969 } 970 /* cancel the interface change timer */ 971 WRITE_ONCE(in_dev->mr_ifc_count, 0); 972 if (del_timer(&in_dev->mr_ifc_timer)) 973 __in_dev_put(in_dev); 974 /* clear deleted report items */ 975 igmpv3_clear_delrec(in_dev); 976 } else if (len < 12) { 977 return true; /* ignore bogus packet; freed by caller */ 978 } else if (IGMP_V1_SEEN(in_dev)) { 979 /* This is a v3 query with v1 queriers present */ 980 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 981 group = 0; 982 } else if (IGMP_V2_SEEN(in_dev)) { 983 /* this is a v3 query with v2 queriers present; 984 * Interpretation of the max_delay code is problematic here. 985 * A real v2 host would use ih_code directly, while v3 has a 986 * different encoding. We use the v3 encoding as more likely 987 * to be intended in a v3 query. 988 */ 989 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 990 if (!max_delay) 991 max_delay = 1; /* can't mod w/ 0 */ 992 } else { /* v3 */ 993 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 994 return true; 995 996 ih3 = igmpv3_query_hdr(skb); 997 if (ih3->nsrcs) { 998 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 999 + ntohs(ih3->nsrcs)*sizeof(__be32))) 1000 return true; 1001 ih3 = igmpv3_query_hdr(skb); 1002 } 1003 1004 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 1005 if (!max_delay) 1006 max_delay = 1; /* can't mod w/ 0 */ 1007 in_dev->mr_maxdelay = max_delay; 1008 1009 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1010 * received value was zero, use the default or statically 1011 * configured value. 1012 */ 1013 in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1014 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1015 1016 /* RFC3376, 8.3. Query Response Interval: 1017 * The number of seconds represented by the [Query Response 1018 * Interval] must be less than the [Query Interval]. 1019 */ 1020 if (in_dev->mr_qri >= in_dev->mr_qi) 1021 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1022 1023 if (!group) { /* general query */ 1024 if (ih3->nsrcs) 1025 return true; /* no sources allowed */ 1026 igmp_gq_start_timer(in_dev); 1027 return false; 1028 } 1029 /* mark sources to include, if group & source-specific */ 1030 mark = ih3->nsrcs != 0; 1031 } 1032 1033 /* 1034 * - Start the timers in all of our membership records 1035 * that the query applies to for the interface on 1036 * which the query arrived excl. those that belong 1037 * to a "local" group (224.0.0.X) 1038 * - For timers already running check if they need to 1039 * be reset. 1040 * - Use the igmp->igmp_code field as the maximum 1041 * delay possible 1042 */ 1043 rcu_read_lock(); 1044 for_each_pmc_rcu(in_dev, im) { 1045 int changed; 1046 1047 if (group && group != im->multiaddr) 1048 continue; 1049 if (im->multiaddr == IGMP_ALL_HOSTS) 1050 continue; 1051 if (ipv4_is_local_multicast(im->multiaddr) && 1052 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1053 continue; 1054 spin_lock_bh(&im->lock); 1055 if (im->tm_running) 1056 im->gsquery = im->gsquery && mark; 1057 else 1058 im->gsquery = mark; 1059 changed = !im->gsquery || 1060 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1061 spin_unlock_bh(&im->lock); 1062 if (changed) 1063 igmp_mod_timer(im, max_delay); 1064 } 1065 rcu_read_unlock(); 1066 return false; 1067 } 1068 1069 /* called in rcu_read_lock() section */ 1070 int igmp_rcv(struct sk_buff *skb) 1071 { 1072 /* This basically follows the spec line by line -- see RFC1112 */ 1073 struct igmphdr *ih; 1074 struct net_device *dev = skb->dev; 1075 struct in_device *in_dev; 1076 int len = skb->len; 1077 bool dropped = true; 1078 1079 if (netif_is_l3_master(dev)) { 1080 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1081 if (!dev) 1082 goto drop; 1083 } 1084 1085 in_dev = __in_dev_get_rcu(dev); 1086 if (!in_dev) 1087 goto drop; 1088 1089 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1090 goto drop; 1091 1092 if (skb_checksum_simple_validate(skb)) 1093 goto drop; 1094 1095 ih = igmp_hdr(skb); 1096 switch (ih->type) { 1097 case IGMP_HOST_MEMBERSHIP_QUERY: 1098 dropped = igmp_heard_query(in_dev, skb, len); 1099 break; 1100 case IGMP_HOST_MEMBERSHIP_REPORT: 1101 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1102 /* Is it our report looped back? */ 1103 if (rt_is_output_route(skb_rtable(skb))) 1104 break; 1105 /* don't rely on MC router hearing unicast reports */ 1106 if (skb->pkt_type == PACKET_MULTICAST || 1107 skb->pkt_type == PACKET_BROADCAST) 1108 dropped = igmp_heard_report(in_dev, ih->group); 1109 break; 1110 case IGMP_PIM: 1111 #ifdef CONFIG_IP_PIMSM_V1 1112 return pim_rcv_v1(skb); 1113 #endif 1114 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1115 case IGMP_DVMRP: 1116 case IGMP_TRACE: 1117 case IGMP_HOST_LEAVE_MESSAGE: 1118 case IGMP_MTRACE: 1119 case IGMP_MTRACE_RESP: 1120 break; 1121 default: 1122 break; 1123 } 1124 1125 drop: 1126 if (dropped) 1127 kfree_skb(skb); 1128 else 1129 consume_skb(skb); 1130 return 0; 1131 } 1132 1133 #endif 1134 1135 1136 /* 1137 * Add a filter to a device 1138 */ 1139 1140 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1141 { 1142 char buf[MAX_ADDR_LEN]; 1143 struct net_device *dev = in_dev->dev; 1144 1145 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1146 We will get multicast token leakage, when IFF_MULTICAST 1147 is changed. This check should be done in ndo_set_rx_mode 1148 routine. Something sort of: 1149 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1150 --ANK 1151 */ 1152 if (arp_mc_map(addr, buf, dev, 0) == 0) 1153 dev_mc_add(dev, buf); 1154 } 1155 1156 /* 1157 * Remove a filter from a device 1158 */ 1159 1160 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1161 { 1162 char buf[MAX_ADDR_LEN]; 1163 struct net_device *dev = in_dev->dev; 1164 1165 if (arp_mc_map(addr, buf, dev, 0) == 0) 1166 dev_mc_del(dev, buf); 1167 } 1168 1169 #ifdef CONFIG_IP_MULTICAST 1170 /* 1171 * deleted ip_mc_list manipulation 1172 */ 1173 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1174 gfp_t gfp) 1175 { 1176 struct ip_mc_list *pmc; 1177 struct net *net = dev_net(in_dev->dev); 1178 1179 /* this is an "ip_mc_list" for convenience; only the fields below 1180 * are actually used. In particular, the refcnt and users are not 1181 * used for management of the delete list. Using the same structure 1182 * for deleted items allows change reports to use common code with 1183 * non-deleted or query-response MCA's. 1184 */ 1185 pmc = kzalloc(sizeof(*pmc), gfp); 1186 if (!pmc) 1187 return; 1188 spin_lock_init(&pmc->lock); 1189 spin_lock_bh(&im->lock); 1190 pmc->interface = im->interface; 1191 in_dev_hold(in_dev); 1192 pmc->multiaddr = im->multiaddr; 1193 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1194 pmc->sfmode = im->sfmode; 1195 if (pmc->sfmode == MCAST_INCLUDE) { 1196 struct ip_sf_list *psf; 1197 1198 pmc->tomb = im->tomb; 1199 pmc->sources = im->sources; 1200 im->tomb = im->sources = NULL; 1201 for (psf = pmc->sources; psf; psf = psf->sf_next) 1202 psf->sf_crcount = pmc->crcount; 1203 } 1204 spin_unlock_bh(&im->lock); 1205 1206 spin_lock_bh(&in_dev->mc_tomb_lock); 1207 pmc->next = in_dev->mc_tomb; 1208 in_dev->mc_tomb = pmc; 1209 spin_unlock_bh(&in_dev->mc_tomb_lock); 1210 } 1211 1212 /* 1213 * restore ip_mc_list deleted records 1214 */ 1215 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1216 { 1217 struct ip_mc_list *pmc, *pmc_prev; 1218 struct ip_sf_list *psf; 1219 struct net *net = dev_net(in_dev->dev); 1220 __be32 multiaddr = im->multiaddr; 1221 1222 spin_lock_bh(&in_dev->mc_tomb_lock); 1223 pmc_prev = NULL; 1224 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1225 if (pmc->multiaddr == multiaddr) 1226 break; 1227 pmc_prev = pmc; 1228 } 1229 if (pmc) { 1230 if (pmc_prev) 1231 pmc_prev->next = pmc->next; 1232 else 1233 in_dev->mc_tomb = pmc->next; 1234 } 1235 spin_unlock_bh(&in_dev->mc_tomb_lock); 1236 1237 spin_lock_bh(&im->lock); 1238 if (pmc) { 1239 im->interface = pmc->interface; 1240 if (im->sfmode == MCAST_INCLUDE) { 1241 swap(im->tomb, pmc->tomb); 1242 swap(im->sources, pmc->sources); 1243 for (psf = im->sources; psf; psf = psf->sf_next) 1244 psf->sf_crcount = in_dev->mr_qrv ?: 1245 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1246 } else { 1247 im->crcount = in_dev->mr_qrv ?: 1248 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1249 } 1250 in_dev_put(pmc->interface); 1251 kfree_pmc(pmc); 1252 } 1253 spin_unlock_bh(&im->lock); 1254 } 1255 1256 /* 1257 * flush ip_mc_list deleted records 1258 */ 1259 static void igmpv3_clear_delrec(struct in_device *in_dev) 1260 { 1261 struct ip_mc_list *pmc, *nextpmc; 1262 1263 spin_lock_bh(&in_dev->mc_tomb_lock); 1264 pmc = in_dev->mc_tomb; 1265 in_dev->mc_tomb = NULL; 1266 spin_unlock_bh(&in_dev->mc_tomb_lock); 1267 1268 for (; pmc; pmc = nextpmc) { 1269 nextpmc = pmc->next; 1270 ip_mc_clear_src(pmc); 1271 in_dev_put(pmc->interface); 1272 kfree_pmc(pmc); 1273 } 1274 /* clear dead sources, too */ 1275 rcu_read_lock(); 1276 for_each_pmc_rcu(in_dev, pmc) { 1277 struct ip_sf_list *psf; 1278 1279 spin_lock_bh(&pmc->lock); 1280 psf = pmc->tomb; 1281 pmc->tomb = NULL; 1282 spin_unlock_bh(&pmc->lock); 1283 ip_sf_list_clear_all(psf); 1284 } 1285 rcu_read_unlock(); 1286 } 1287 #endif 1288 1289 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1290 { 1291 struct in_device *in_dev = im->interface; 1292 #ifdef CONFIG_IP_MULTICAST 1293 struct net *net = dev_net(in_dev->dev); 1294 int reporter; 1295 #endif 1296 1297 if (im->loaded) { 1298 im->loaded = 0; 1299 ip_mc_filter_del(in_dev, im->multiaddr); 1300 } 1301 1302 #ifdef CONFIG_IP_MULTICAST 1303 if (im->multiaddr == IGMP_ALL_HOSTS) 1304 return; 1305 if (ipv4_is_local_multicast(im->multiaddr) && 1306 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1307 return; 1308 1309 reporter = im->reporter; 1310 igmp_stop_timer(im); 1311 1312 if (!in_dev->dead) { 1313 if (IGMP_V1_SEEN(in_dev)) 1314 return; 1315 if (IGMP_V2_SEEN(in_dev)) { 1316 if (reporter) 1317 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1318 return; 1319 } 1320 /* IGMPv3 */ 1321 igmpv3_add_delrec(in_dev, im, gfp); 1322 1323 igmp_ifc_event(in_dev); 1324 } 1325 #endif 1326 } 1327 1328 static void igmp_group_dropped(struct ip_mc_list *im) 1329 { 1330 __igmp_group_dropped(im, GFP_KERNEL); 1331 } 1332 1333 static void igmp_group_added(struct ip_mc_list *im) 1334 { 1335 struct in_device *in_dev = im->interface; 1336 #ifdef CONFIG_IP_MULTICAST 1337 struct net *net = dev_net(in_dev->dev); 1338 #endif 1339 1340 if (im->loaded == 0) { 1341 im->loaded = 1; 1342 ip_mc_filter_add(in_dev, im->multiaddr); 1343 } 1344 1345 #ifdef CONFIG_IP_MULTICAST 1346 if (im->multiaddr == IGMP_ALL_HOSTS) 1347 return; 1348 if (ipv4_is_local_multicast(im->multiaddr) && 1349 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1350 return; 1351 1352 if (in_dev->dead) 1353 return; 1354 1355 im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1356 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1357 spin_lock_bh(&im->lock); 1358 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1359 spin_unlock_bh(&im->lock); 1360 return; 1361 } 1362 /* else, v3 */ 1363 1364 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1365 * not send filter-mode change record as the mode should be from 1366 * IN() to IN(A). 1367 */ 1368 if (im->sfmode == MCAST_EXCLUDE) 1369 im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1370 1371 igmp_ifc_event(in_dev); 1372 #endif 1373 } 1374 1375 1376 /* 1377 * Multicast list managers 1378 */ 1379 1380 static u32 ip_mc_hash(const struct ip_mc_list *im) 1381 { 1382 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1383 } 1384 1385 static void ip_mc_hash_add(struct in_device *in_dev, 1386 struct ip_mc_list *im) 1387 { 1388 struct ip_mc_list __rcu **mc_hash; 1389 u32 hash; 1390 1391 mc_hash = rtnl_dereference(in_dev->mc_hash); 1392 if (mc_hash) { 1393 hash = ip_mc_hash(im); 1394 im->next_hash = mc_hash[hash]; 1395 rcu_assign_pointer(mc_hash[hash], im); 1396 return; 1397 } 1398 1399 /* do not use a hash table for small number of items */ 1400 if (in_dev->mc_count < 4) 1401 return; 1402 1403 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1404 GFP_KERNEL); 1405 if (!mc_hash) 1406 return; 1407 1408 for_each_pmc_rtnl(in_dev, im) { 1409 hash = ip_mc_hash(im); 1410 im->next_hash = mc_hash[hash]; 1411 RCU_INIT_POINTER(mc_hash[hash], im); 1412 } 1413 1414 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1415 } 1416 1417 static void ip_mc_hash_remove(struct in_device *in_dev, 1418 struct ip_mc_list *im) 1419 { 1420 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1421 struct ip_mc_list *aux; 1422 1423 if (!mc_hash) 1424 return; 1425 mc_hash += ip_mc_hash(im); 1426 while ((aux = rtnl_dereference(*mc_hash)) != im) 1427 mc_hash = &aux->next_hash; 1428 *mc_hash = im->next_hash; 1429 } 1430 1431 1432 /* 1433 * A socket has joined a multicast group on device dev. 1434 */ 1435 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1436 unsigned int mode, gfp_t gfp) 1437 { 1438 struct ip_mc_list *im; 1439 1440 ASSERT_RTNL(); 1441 1442 for_each_pmc_rtnl(in_dev, im) { 1443 if (im->multiaddr == addr) { 1444 im->users++; 1445 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1446 goto out; 1447 } 1448 } 1449 1450 im = kzalloc(sizeof(*im), gfp); 1451 if (!im) 1452 goto out; 1453 1454 im->users = 1; 1455 im->interface = in_dev; 1456 in_dev_hold(in_dev); 1457 im->multiaddr = addr; 1458 /* initial mode is (EX, empty) */ 1459 im->sfmode = mode; 1460 im->sfcount[mode] = 1; 1461 refcount_set(&im->refcnt, 1); 1462 spin_lock_init(&im->lock); 1463 #ifdef CONFIG_IP_MULTICAST 1464 timer_setup(&im->timer, igmp_timer_expire, 0); 1465 #endif 1466 1467 im->next_rcu = in_dev->mc_list; 1468 in_dev->mc_count++; 1469 rcu_assign_pointer(in_dev->mc_list, im); 1470 1471 ip_mc_hash_add(in_dev, im); 1472 1473 #ifdef CONFIG_IP_MULTICAST 1474 igmpv3_del_delrec(in_dev, im); 1475 #endif 1476 igmp_group_added(im); 1477 if (!in_dev->dead) 1478 ip_rt_multicast_event(in_dev); 1479 out: 1480 return; 1481 } 1482 1483 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1484 { 1485 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1486 } 1487 EXPORT_SYMBOL(__ip_mc_inc_group); 1488 1489 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1490 { 1491 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1492 } 1493 EXPORT_SYMBOL(ip_mc_inc_group); 1494 1495 static int ip_mc_check_iphdr(struct sk_buff *skb) 1496 { 1497 const struct iphdr *iph; 1498 unsigned int len; 1499 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1500 1501 if (!pskb_may_pull(skb, offset)) 1502 return -EINVAL; 1503 1504 iph = ip_hdr(skb); 1505 1506 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1507 return -EINVAL; 1508 1509 offset += ip_hdrlen(skb) - sizeof(*iph); 1510 1511 if (!pskb_may_pull(skb, offset)) 1512 return -EINVAL; 1513 1514 iph = ip_hdr(skb); 1515 1516 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1517 return -EINVAL; 1518 1519 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1520 if (skb->len < len || len < offset) 1521 return -EINVAL; 1522 1523 skb_set_transport_header(skb, offset); 1524 1525 return 0; 1526 } 1527 1528 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1529 { 1530 unsigned int len = skb_transport_offset(skb); 1531 1532 len += sizeof(struct igmpv3_report); 1533 1534 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1535 } 1536 1537 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1538 { 1539 unsigned int transport_len = ip_transport_len(skb); 1540 unsigned int len; 1541 1542 /* IGMPv{1,2}? */ 1543 if (transport_len != sizeof(struct igmphdr)) { 1544 /* or IGMPv3? */ 1545 if (transport_len < sizeof(struct igmpv3_query)) 1546 return -EINVAL; 1547 1548 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1549 if (!ip_mc_may_pull(skb, len)) 1550 return -EINVAL; 1551 } 1552 1553 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1554 * all-systems destination addresses (224.0.0.1) for general queries 1555 */ 1556 if (!igmp_hdr(skb)->group && 1557 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1558 return -EINVAL; 1559 1560 return 0; 1561 } 1562 1563 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1564 { 1565 switch (igmp_hdr(skb)->type) { 1566 case IGMP_HOST_LEAVE_MESSAGE: 1567 case IGMP_HOST_MEMBERSHIP_REPORT: 1568 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1569 return 0; 1570 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1571 return ip_mc_check_igmp_reportv3(skb); 1572 case IGMP_HOST_MEMBERSHIP_QUERY: 1573 return ip_mc_check_igmp_query(skb); 1574 default: 1575 return -ENOMSG; 1576 } 1577 } 1578 1579 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1580 { 1581 return skb_checksum_simple_validate(skb); 1582 } 1583 1584 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1585 { 1586 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1587 unsigned int transport_len = ip_transport_len(skb); 1588 struct sk_buff *skb_chk; 1589 1590 if (!ip_mc_may_pull(skb, len)) 1591 return -EINVAL; 1592 1593 skb_chk = skb_checksum_trimmed(skb, transport_len, 1594 ip_mc_validate_checksum); 1595 if (!skb_chk) 1596 return -EINVAL; 1597 1598 if (skb_chk != skb) 1599 kfree_skb(skb_chk); 1600 1601 return 0; 1602 } 1603 1604 /** 1605 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1606 * @skb: the skb to validate 1607 * 1608 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1609 * skb transport header accordingly and returns zero. 1610 * 1611 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1612 * standard 1613 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1614 * -ENOMEM: A memory allocation failure happened. 1615 * 1616 * Caller needs to set the skb network header and free any returned skb if it 1617 * differs from the provided skb. 1618 */ 1619 int ip_mc_check_igmp(struct sk_buff *skb) 1620 { 1621 int ret = ip_mc_check_iphdr(skb); 1622 1623 if (ret < 0) 1624 return ret; 1625 1626 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1627 return -ENOMSG; 1628 1629 ret = ip_mc_check_igmp_csum(skb); 1630 if (ret < 0) 1631 return ret; 1632 1633 return ip_mc_check_igmp_msg(skb); 1634 } 1635 EXPORT_SYMBOL(ip_mc_check_igmp); 1636 1637 /* 1638 * Resend IGMP JOIN report; used by netdev notifier. 1639 */ 1640 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1641 { 1642 #ifdef CONFIG_IP_MULTICAST 1643 struct ip_mc_list *im; 1644 int type; 1645 struct net *net = dev_net(in_dev->dev); 1646 1647 ASSERT_RTNL(); 1648 1649 for_each_pmc_rtnl(in_dev, im) { 1650 if (im->multiaddr == IGMP_ALL_HOSTS) 1651 continue; 1652 if (ipv4_is_local_multicast(im->multiaddr) && 1653 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1654 continue; 1655 1656 /* a failover is happening and switches 1657 * must be notified immediately 1658 */ 1659 if (IGMP_V1_SEEN(in_dev)) 1660 type = IGMP_HOST_MEMBERSHIP_REPORT; 1661 else if (IGMP_V2_SEEN(in_dev)) 1662 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1663 else 1664 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1665 igmp_send_report(in_dev, im, type); 1666 } 1667 #endif 1668 } 1669 1670 /* 1671 * A socket has left a multicast group on device dev 1672 */ 1673 1674 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1675 { 1676 struct ip_mc_list *i; 1677 struct ip_mc_list __rcu **ip; 1678 1679 ASSERT_RTNL(); 1680 1681 for (ip = &in_dev->mc_list; 1682 (i = rtnl_dereference(*ip)) != NULL; 1683 ip = &i->next_rcu) { 1684 if (i->multiaddr == addr) { 1685 if (--i->users == 0) { 1686 ip_mc_hash_remove(in_dev, i); 1687 *ip = i->next_rcu; 1688 in_dev->mc_count--; 1689 __igmp_group_dropped(i, gfp); 1690 ip_mc_clear_src(i); 1691 1692 if (!in_dev->dead) 1693 ip_rt_multicast_event(in_dev); 1694 1695 ip_ma_put(i); 1696 return; 1697 } 1698 break; 1699 } 1700 } 1701 } 1702 EXPORT_SYMBOL(__ip_mc_dec_group); 1703 1704 /* Device changing type */ 1705 1706 void ip_mc_unmap(struct in_device *in_dev) 1707 { 1708 struct ip_mc_list *pmc; 1709 1710 ASSERT_RTNL(); 1711 1712 for_each_pmc_rtnl(in_dev, pmc) 1713 igmp_group_dropped(pmc); 1714 } 1715 1716 void ip_mc_remap(struct in_device *in_dev) 1717 { 1718 struct ip_mc_list *pmc; 1719 1720 ASSERT_RTNL(); 1721 1722 for_each_pmc_rtnl(in_dev, pmc) { 1723 #ifdef CONFIG_IP_MULTICAST 1724 igmpv3_del_delrec(in_dev, pmc); 1725 #endif 1726 igmp_group_added(pmc); 1727 } 1728 } 1729 1730 /* Device going down */ 1731 1732 void ip_mc_down(struct in_device *in_dev) 1733 { 1734 struct ip_mc_list *pmc; 1735 1736 ASSERT_RTNL(); 1737 1738 for_each_pmc_rtnl(in_dev, pmc) 1739 igmp_group_dropped(pmc); 1740 1741 #ifdef CONFIG_IP_MULTICAST 1742 WRITE_ONCE(in_dev->mr_ifc_count, 0); 1743 if (del_timer(&in_dev->mr_ifc_timer)) 1744 __in_dev_put(in_dev); 1745 in_dev->mr_gq_running = 0; 1746 if (del_timer(&in_dev->mr_gq_timer)) 1747 __in_dev_put(in_dev); 1748 #endif 1749 1750 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1751 } 1752 1753 #ifdef CONFIG_IP_MULTICAST 1754 static void ip_mc_reset(struct in_device *in_dev) 1755 { 1756 struct net *net = dev_net(in_dev->dev); 1757 1758 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1759 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1760 in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1761 } 1762 #else 1763 static void ip_mc_reset(struct in_device *in_dev) 1764 { 1765 } 1766 #endif 1767 1768 void ip_mc_init_dev(struct in_device *in_dev) 1769 { 1770 ASSERT_RTNL(); 1771 1772 #ifdef CONFIG_IP_MULTICAST 1773 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1774 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1775 #endif 1776 ip_mc_reset(in_dev); 1777 1778 spin_lock_init(&in_dev->mc_tomb_lock); 1779 } 1780 1781 /* Device going up */ 1782 1783 void ip_mc_up(struct in_device *in_dev) 1784 { 1785 struct ip_mc_list *pmc; 1786 1787 ASSERT_RTNL(); 1788 1789 ip_mc_reset(in_dev); 1790 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1791 1792 for_each_pmc_rtnl(in_dev, pmc) { 1793 #ifdef CONFIG_IP_MULTICAST 1794 igmpv3_del_delrec(in_dev, pmc); 1795 #endif 1796 igmp_group_added(pmc); 1797 } 1798 } 1799 1800 /* 1801 * Device is about to be destroyed: clean up. 1802 */ 1803 1804 void ip_mc_destroy_dev(struct in_device *in_dev) 1805 { 1806 struct ip_mc_list *i; 1807 1808 ASSERT_RTNL(); 1809 1810 /* Deactivate timers */ 1811 ip_mc_down(in_dev); 1812 #ifdef CONFIG_IP_MULTICAST 1813 igmpv3_clear_delrec(in_dev); 1814 #endif 1815 1816 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1817 in_dev->mc_list = i->next_rcu; 1818 in_dev->mc_count--; 1819 ip_mc_clear_src(i); 1820 ip_ma_put(i); 1821 } 1822 } 1823 1824 /* RTNL is locked */ 1825 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1826 { 1827 struct net_device *dev = NULL; 1828 struct in_device *idev = NULL; 1829 1830 if (imr->imr_ifindex) { 1831 idev = inetdev_by_index(net, imr->imr_ifindex); 1832 return idev; 1833 } 1834 if (imr->imr_address.s_addr) { 1835 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1836 if (!dev) 1837 return NULL; 1838 } 1839 1840 if (!dev) { 1841 struct rtable *rt = ip_route_output(net, 1842 imr->imr_multiaddr.s_addr, 1843 0, 0, 0); 1844 if (!IS_ERR(rt)) { 1845 dev = rt->dst.dev; 1846 ip_rt_put(rt); 1847 } 1848 } 1849 if (dev) { 1850 imr->imr_ifindex = dev->ifindex; 1851 idev = __in_dev_get_rtnl(dev); 1852 } 1853 return idev; 1854 } 1855 1856 /* 1857 * Join a socket to a group 1858 */ 1859 1860 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1861 __be32 *psfsrc) 1862 { 1863 struct ip_sf_list *psf, *psf_prev; 1864 int rv = 0; 1865 1866 psf_prev = NULL; 1867 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1868 if (psf->sf_inaddr == *psfsrc) 1869 break; 1870 psf_prev = psf; 1871 } 1872 if (!psf || psf->sf_count[sfmode] == 0) { 1873 /* source filter not found, or count wrong => bug */ 1874 return -ESRCH; 1875 } 1876 psf->sf_count[sfmode]--; 1877 if (psf->sf_count[sfmode] == 0) { 1878 ip_rt_multicast_event(pmc->interface); 1879 } 1880 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1881 #ifdef CONFIG_IP_MULTICAST 1882 struct in_device *in_dev = pmc->interface; 1883 struct net *net = dev_net(in_dev->dev); 1884 #endif 1885 1886 /* no more filters for this source */ 1887 if (psf_prev) 1888 psf_prev->sf_next = psf->sf_next; 1889 else 1890 pmc->sources = psf->sf_next; 1891 #ifdef CONFIG_IP_MULTICAST 1892 if (psf->sf_oldin && 1893 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1894 psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1895 psf->sf_next = pmc->tomb; 1896 pmc->tomb = psf; 1897 rv = 1; 1898 } else 1899 #endif 1900 kfree(psf); 1901 } 1902 return rv; 1903 } 1904 1905 #ifndef CONFIG_IP_MULTICAST 1906 #define igmp_ifc_event(x) do { } while (0) 1907 #endif 1908 1909 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1910 int sfcount, __be32 *psfsrc, int delta) 1911 { 1912 struct ip_mc_list *pmc; 1913 int changerec = 0; 1914 int i, err; 1915 1916 if (!in_dev) 1917 return -ENODEV; 1918 rcu_read_lock(); 1919 for_each_pmc_rcu(in_dev, pmc) { 1920 if (*pmca == pmc->multiaddr) 1921 break; 1922 } 1923 if (!pmc) { 1924 /* MCA not found?? bug */ 1925 rcu_read_unlock(); 1926 return -ESRCH; 1927 } 1928 spin_lock_bh(&pmc->lock); 1929 rcu_read_unlock(); 1930 #ifdef CONFIG_IP_MULTICAST 1931 sf_markstate(pmc); 1932 #endif 1933 if (!delta) { 1934 err = -EINVAL; 1935 if (!pmc->sfcount[sfmode]) 1936 goto out_unlock; 1937 pmc->sfcount[sfmode]--; 1938 } 1939 err = 0; 1940 for (i = 0; i < sfcount; i++) { 1941 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1942 1943 changerec |= rv > 0; 1944 if (!err && rv < 0) 1945 err = rv; 1946 } 1947 if (pmc->sfmode == MCAST_EXCLUDE && 1948 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1949 pmc->sfcount[MCAST_INCLUDE]) { 1950 #ifdef CONFIG_IP_MULTICAST 1951 struct ip_sf_list *psf; 1952 struct net *net = dev_net(in_dev->dev); 1953 #endif 1954 1955 /* filter mode change */ 1956 pmc->sfmode = MCAST_INCLUDE; 1957 #ifdef CONFIG_IP_MULTICAST 1958 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1959 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 1960 for (psf = pmc->sources; psf; psf = psf->sf_next) 1961 psf->sf_crcount = 0; 1962 igmp_ifc_event(pmc->interface); 1963 } else if (sf_setstate(pmc) || changerec) { 1964 igmp_ifc_event(pmc->interface); 1965 #endif 1966 } 1967 out_unlock: 1968 spin_unlock_bh(&pmc->lock); 1969 return err; 1970 } 1971 1972 /* 1973 * Add multicast single-source filter to the interface list 1974 */ 1975 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1976 __be32 *psfsrc) 1977 { 1978 struct ip_sf_list *psf, *psf_prev; 1979 1980 psf_prev = NULL; 1981 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1982 if (psf->sf_inaddr == *psfsrc) 1983 break; 1984 psf_prev = psf; 1985 } 1986 if (!psf) { 1987 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1988 if (!psf) 1989 return -ENOBUFS; 1990 psf->sf_inaddr = *psfsrc; 1991 if (psf_prev) { 1992 psf_prev->sf_next = psf; 1993 } else 1994 pmc->sources = psf; 1995 } 1996 psf->sf_count[sfmode]++; 1997 if (psf->sf_count[sfmode] == 1) { 1998 ip_rt_multicast_event(pmc->interface); 1999 } 2000 return 0; 2001 } 2002 2003 #ifdef CONFIG_IP_MULTICAST 2004 static void sf_markstate(struct ip_mc_list *pmc) 2005 { 2006 struct ip_sf_list *psf; 2007 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2008 2009 for (psf = pmc->sources; psf; psf = psf->sf_next) 2010 if (pmc->sfcount[MCAST_EXCLUDE]) { 2011 psf->sf_oldin = mca_xcount == 2012 psf->sf_count[MCAST_EXCLUDE] && 2013 !psf->sf_count[MCAST_INCLUDE]; 2014 } else 2015 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2016 } 2017 2018 static int sf_setstate(struct ip_mc_list *pmc) 2019 { 2020 struct ip_sf_list *psf, *dpsf; 2021 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2022 int qrv = pmc->interface->mr_qrv; 2023 int new_in, rv; 2024 2025 rv = 0; 2026 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2027 if (pmc->sfcount[MCAST_EXCLUDE]) { 2028 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2029 !psf->sf_count[MCAST_INCLUDE]; 2030 } else 2031 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2032 if (new_in) { 2033 if (!psf->sf_oldin) { 2034 struct ip_sf_list *prev = NULL; 2035 2036 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2037 if (dpsf->sf_inaddr == psf->sf_inaddr) 2038 break; 2039 prev = dpsf; 2040 } 2041 if (dpsf) { 2042 if (prev) 2043 prev->sf_next = dpsf->sf_next; 2044 else 2045 pmc->tomb = dpsf->sf_next; 2046 kfree(dpsf); 2047 } 2048 psf->sf_crcount = qrv; 2049 rv++; 2050 } 2051 } else if (psf->sf_oldin) { 2052 2053 psf->sf_crcount = 0; 2054 /* 2055 * add or update "delete" records if an active filter 2056 * is now inactive 2057 */ 2058 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2059 if (dpsf->sf_inaddr == psf->sf_inaddr) 2060 break; 2061 if (!dpsf) { 2062 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2063 if (!dpsf) 2064 continue; 2065 *dpsf = *psf; 2066 /* pmc->lock held by callers */ 2067 dpsf->sf_next = pmc->tomb; 2068 pmc->tomb = dpsf; 2069 } 2070 dpsf->sf_crcount = qrv; 2071 rv++; 2072 } 2073 } 2074 return rv; 2075 } 2076 #endif 2077 2078 /* 2079 * Add multicast source filter list to the interface list 2080 */ 2081 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2082 int sfcount, __be32 *psfsrc, int delta) 2083 { 2084 struct ip_mc_list *pmc; 2085 int isexclude; 2086 int i, err; 2087 2088 if (!in_dev) 2089 return -ENODEV; 2090 rcu_read_lock(); 2091 for_each_pmc_rcu(in_dev, pmc) { 2092 if (*pmca == pmc->multiaddr) 2093 break; 2094 } 2095 if (!pmc) { 2096 /* MCA not found?? bug */ 2097 rcu_read_unlock(); 2098 return -ESRCH; 2099 } 2100 spin_lock_bh(&pmc->lock); 2101 rcu_read_unlock(); 2102 2103 #ifdef CONFIG_IP_MULTICAST 2104 sf_markstate(pmc); 2105 #endif 2106 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2107 if (!delta) 2108 pmc->sfcount[sfmode]++; 2109 err = 0; 2110 for (i = 0; i < sfcount; i++) { 2111 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2112 if (err) 2113 break; 2114 } 2115 if (err) { 2116 int j; 2117 2118 if (!delta) 2119 pmc->sfcount[sfmode]--; 2120 for (j = 0; j < i; j++) 2121 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2122 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2123 #ifdef CONFIG_IP_MULTICAST 2124 struct ip_sf_list *psf; 2125 struct net *net = dev_net(pmc->interface->dev); 2126 in_dev = pmc->interface; 2127 #endif 2128 2129 /* filter mode change */ 2130 if (pmc->sfcount[MCAST_EXCLUDE]) 2131 pmc->sfmode = MCAST_EXCLUDE; 2132 else if (pmc->sfcount[MCAST_INCLUDE]) 2133 pmc->sfmode = MCAST_INCLUDE; 2134 #ifdef CONFIG_IP_MULTICAST 2135 /* else no filters; keep old mode for reports */ 2136 2137 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 2138 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2139 for (psf = pmc->sources; psf; psf = psf->sf_next) 2140 psf->sf_crcount = 0; 2141 igmp_ifc_event(in_dev); 2142 } else if (sf_setstate(pmc)) { 2143 igmp_ifc_event(in_dev); 2144 #endif 2145 } 2146 spin_unlock_bh(&pmc->lock); 2147 return err; 2148 } 2149 2150 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2151 { 2152 struct ip_sf_list *tomb, *sources; 2153 2154 spin_lock_bh(&pmc->lock); 2155 tomb = pmc->tomb; 2156 pmc->tomb = NULL; 2157 sources = pmc->sources; 2158 pmc->sources = NULL; 2159 pmc->sfmode = MCAST_EXCLUDE; 2160 pmc->sfcount[MCAST_INCLUDE] = 0; 2161 pmc->sfcount[MCAST_EXCLUDE] = 1; 2162 spin_unlock_bh(&pmc->lock); 2163 2164 ip_sf_list_clear_all(tomb); 2165 ip_sf_list_clear_all(sources); 2166 } 2167 2168 /* Join a multicast group 2169 */ 2170 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2171 unsigned int mode) 2172 { 2173 __be32 addr = imr->imr_multiaddr.s_addr; 2174 struct ip_mc_socklist *iml, *i; 2175 struct in_device *in_dev; 2176 struct inet_sock *inet = inet_sk(sk); 2177 struct net *net = sock_net(sk); 2178 int ifindex; 2179 int count = 0; 2180 int err; 2181 2182 ASSERT_RTNL(); 2183 2184 if (!ipv4_is_multicast(addr)) 2185 return -EINVAL; 2186 2187 in_dev = ip_mc_find_dev(net, imr); 2188 2189 if (!in_dev) { 2190 err = -ENODEV; 2191 goto done; 2192 } 2193 2194 err = -EADDRINUSE; 2195 ifindex = imr->imr_ifindex; 2196 for_each_pmc_rtnl(inet, i) { 2197 if (i->multi.imr_multiaddr.s_addr == addr && 2198 i->multi.imr_ifindex == ifindex) 2199 goto done; 2200 count++; 2201 } 2202 err = -ENOBUFS; 2203 if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships)) 2204 goto done; 2205 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2206 if (!iml) 2207 goto done; 2208 2209 memcpy(&iml->multi, imr, sizeof(*imr)); 2210 iml->next_rcu = inet->mc_list; 2211 iml->sflist = NULL; 2212 iml->sfmode = mode; 2213 rcu_assign_pointer(inet->mc_list, iml); 2214 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2215 err = 0; 2216 done: 2217 return err; 2218 } 2219 2220 /* Join ASM (Any-Source Multicast) group 2221 */ 2222 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2223 { 2224 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2225 } 2226 EXPORT_SYMBOL(ip_mc_join_group); 2227 2228 /* Join SSM (Source-Specific Multicast) group 2229 */ 2230 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2231 unsigned int mode) 2232 { 2233 return __ip_mc_join_group(sk, imr, mode); 2234 } 2235 2236 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2237 struct in_device *in_dev) 2238 { 2239 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2240 int err; 2241 2242 if (!psf) { 2243 /* any-source empty exclude case */ 2244 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2245 iml->sfmode, 0, NULL, 0); 2246 } 2247 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2248 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2249 RCU_INIT_POINTER(iml->sflist, NULL); 2250 /* decrease mem now to avoid the memleak warning */ 2251 atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc); 2252 kfree_rcu(psf, rcu); 2253 return err; 2254 } 2255 2256 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2257 { 2258 struct inet_sock *inet = inet_sk(sk); 2259 struct ip_mc_socklist *iml; 2260 struct ip_mc_socklist __rcu **imlp; 2261 struct in_device *in_dev; 2262 struct net *net = sock_net(sk); 2263 __be32 group = imr->imr_multiaddr.s_addr; 2264 u32 ifindex; 2265 int ret = -EADDRNOTAVAIL; 2266 2267 ASSERT_RTNL(); 2268 2269 in_dev = ip_mc_find_dev(net, imr); 2270 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2271 ret = -ENODEV; 2272 goto out; 2273 } 2274 ifindex = imr->imr_ifindex; 2275 for (imlp = &inet->mc_list; 2276 (iml = rtnl_dereference(*imlp)) != NULL; 2277 imlp = &iml->next_rcu) { 2278 if (iml->multi.imr_multiaddr.s_addr != group) 2279 continue; 2280 if (ifindex) { 2281 if (iml->multi.imr_ifindex != ifindex) 2282 continue; 2283 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2284 iml->multi.imr_address.s_addr) 2285 continue; 2286 2287 (void) ip_mc_leave_src(sk, iml, in_dev); 2288 2289 *imlp = iml->next_rcu; 2290 2291 if (in_dev) 2292 ip_mc_dec_group(in_dev, group); 2293 2294 /* decrease mem now to avoid the memleak warning */ 2295 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2296 kfree_rcu(iml, rcu); 2297 return 0; 2298 } 2299 out: 2300 return ret; 2301 } 2302 EXPORT_SYMBOL(ip_mc_leave_group); 2303 2304 int ip_mc_source(int add, int omode, struct sock *sk, struct 2305 ip_mreq_source *mreqs, int ifindex) 2306 { 2307 int err; 2308 struct ip_mreqn imr; 2309 __be32 addr = mreqs->imr_multiaddr; 2310 struct ip_mc_socklist *pmc; 2311 struct in_device *in_dev = NULL; 2312 struct inet_sock *inet = inet_sk(sk); 2313 struct ip_sf_socklist *psl; 2314 struct net *net = sock_net(sk); 2315 int leavegroup = 0; 2316 int i, j, rv; 2317 2318 if (!ipv4_is_multicast(addr)) 2319 return -EINVAL; 2320 2321 ASSERT_RTNL(); 2322 2323 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2324 imr.imr_address.s_addr = mreqs->imr_interface; 2325 imr.imr_ifindex = ifindex; 2326 in_dev = ip_mc_find_dev(net, &imr); 2327 2328 if (!in_dev) { 2329 err = -ENODEV; 2330 goto done; 2331 } 2332 err = -EADDRNOTAVAIL; 2333 2334 for_each_pmc_rtnl(inet, pmc) { 2335 if ((pmc->multi.imr_multiaddr.s_addr == 2336 imr.imr_multiaddr.s_addr) && 2337 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2338 break; 2339 } 2340 if (!pmc) { /* must have a prior join */ 2341 err = -EINVAL; 2342 goto done; 2343 } 2344 /* if a source filter was set, must be the same mode as before */ 2345 if (pmc->sflist) { 2346 if (pmc->sfmode != omode) { 2347 err = -EINVAL; 2348 goto done; 2349 } 2350 } else if (pmc->sfmode != omode) { 2351 /* allow mode switches for empty-set filters */ 2352 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2353 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2354 NULL, 0); 2355 pmc->sfmode = omode; 2356 } 2357 2358 psl = rtnl_dereference(pmc->sflist); 2359 if (!add) { 2360 if (!psl) 2361 goto done; /* err = -EADDRNOTAVAIL */ 2362 rv = !0; 2363 for (i = 0; i < psl->sl_count; i++) { 2364 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2365 sizeof(__be32)); 2366 if (rv == 0) 2367 break; 2368 } 2369 if (rv) /* source not found */ 2370 goto done; /* err = -EADDRNOTAVAIL */ 2371 2372 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2373 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2374 leavegroup = 1; 2375 goto done; 2376 } 2377 2378 /* update the interface filter */ 2379 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2380 &mreqs->imr_sourceaddr, 1); 2381 2382 for (j = i+1; j < psl->sl_count; j++) 2383 psl->sl_addr[j-1] = psl->sl_addr[j]; 2384 psl->sl_count--; 2385 err = 0; 2386 goto done; 2387 } 2388 /* else, add a new source to the filter */ 2389 2390 if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) { 2391 err = -ENOBUFS; 2392 goto done; 2393 } 2394 if (!psl || psl->sl_count == psl->sl_max) { 2395 struct ip_sf_socklist *newpsl; 2396 int count = IP_SFBLOCK; 2397 2398 if (psl) 2399 count += psl->sl_max; 2400 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count), 2401 GFP_KERNEL); 2402 if (!newpsl) { 2403 err = -ENOBUFS; 2404 goto done; 2405 } 2406 newpsl->sl_max = count; 2407 newpsl->sl_count = count - IP_SFBLOCK; 2408 if (psl) { 2409 for (i = 0; i < psl->sl_count; i++) 2410 newpsl->sl_addr[i] = psl->sl_addr[i]; 2411 /* decrease mem now to avoid the memleak warning */ 2412 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2413 &sk->sk_omem_alloc); 2414 } 2415 rcu_assign_pointer(pmc->sflist, newpsl); 2416 if (psl) 2417 kfree_rcu(psl, rcu); 2418 psl = newpsl; 2419 } 2420 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2421 for (i = 0; i < psl->sl_count; i++) { 2422 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2423 sizeof(__be32)); 2424 if (rv == 0) 2425 break; 2426 } 2427 if (rv == 0) /* address already there is an error */ 2428 goto done; 2429 for (j = psl->sl_count-1; j >= i; j--) 2430 psl->sl_addr[j+1] = psl->sl_addr[j]; 2431 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2432 psl->sl_count++; 2433 err = 0; 2434 /* update the interface list */ 2435 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2436 &mreqs->imr_sourceaddr, 1); 2437 done: 2438 if (leavegroup) 2439 err = ip_mc_leave_group(sk, &imr); 2440 return err; 2441 } 2442 2443 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2444 { 2445 int err = 0; 2446 struct ip_mreqn imr; 2447 __be32 addr = msf->imsf_multiaddr; 2448 struct ip_mc_socklist *pmc; 2449 struct in_device *in_dev; 2450 struct inet_sock *inet = inet_sk(sk); 2451 struct ip_sf_socklist *newpsl, *psl; 2452 struct net *net = sock_net(sk); 2453 int leavegroup = 0; 2454 2455 if (!ipv4_is_multicast(addr)) 2456 return -EINVAL; 2457 if (msf->imsf_fmode != MCAST_INCLUDE && 2458 msf->imsf_fmode != MCAST_EXCLUDE) 2459 return -EINVAL; 2460 2461 ASSERT_RTNL(); 2462 2463 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2464 imr.imr_address.s_addr = msf->imsf_interface; 2465 imr.imr_ifindex = ifindex; 2466 in_dev = ip_mc_find_dev(net, &imr); 2467 2468 if (!in_dev) { 2469 err = -ENODEV; 2470 goto done; 2471 } 2472 2473 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2474 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2475 leavegroup = 1; 2476 goto done; 2477 } 2478 2479 for_each_pmc_rtnl(inet, pmc) { 2480 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2481 pmc->multi.imr_ifindex == imr.imr_ifindex) 2482 break; 2483 } 2484 if (!pmc) { /* must have a prior join */ 2485 err = -EINVAL; 2486 goto done; 2487 } 2488 if (msf->imsf_numsrc) { 2489 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, 2490 msf->imsf_numsrc), 2491 GFP_KERNEL); 2492 if (!newpsl) { 2493 err = -ENOBUFS; 2494 goto done; 2495 } 2496 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2497 memcpy(newpsl->sl_addr, msf->imsf_slist_flex, 2498 flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc)); 2499 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2500 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2501 if (err) { 2502 sock_kfree_s(sk, newpsl, 2503 struct_size(newpsl, sl_addr, 2504 newpsl->sl_max)); 2505 goto done; 2506 } 2507 } else { 2508 newpsl = NULL; 2509 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2510 msf->imsf_fmode, 0, NULL, 0); 2511 } 2512 psl = rtnl_dereference(pmc->sflist); 2513 if (psl) { 2514 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2515 psl->sl_count, psl->sl_addr, 0); 2516 /* decrease mem now to avoid the memleak warning */ 2517 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2518 &sk->sk_omem_alloc); 2519 } else { 2520 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2521 0, NULL, 0); 2522 } 2523 rcu_assign_pointer(pmc->sflist, newpsl); 2524 if (psl) 2525 kfree_rcu(psl, rcu); 2526 pmc->sfmode = msf->imsf_fmode; 2527 err = 0; 2528 done: 2529 if (leavegroup) 2530 err = ip_mc_leave_group(sk, &imr); 2531 return err; 2532 } 2533 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2534 sockptr_t optval, sockptr_t optlen) 2535 { 2536 int err, len, count, copycount, msf_size; 2537 struct ip_mreqn imr; 2538 __be32 addr = msf->imsf_multiaddr; 2539 struct ip_mc_socklist *pmc; 2540 struct in_device *in_dev; 2541 struct inet_sock *inet = inet_sk(sk); 2542 struct ip_sf_socklist *psl; 2543 struct net *net = sock_net(sk); 2544 2545 ASSERT_RTNL(); 2546 2547 if (!ipv4_is_multicast(addr)) 2548 return -EINVAL; 2549 2550 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2551 imr.imr_address.s_addr = msf->imsf_interface; 2552 imr.imr_ifindex = 0; 2553 in_dev = ip_mc_find_dev(net, &imr); 2554 2555 if (!in_dev) { 2556 err = -ENODEV; 2557 goto done; 2558 } 2559 err = -EADDRNOTAVAIL; 2560 2561 for_each_pmc_rtnl(inet, pmc) { 2562 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2563 pmc->multi.imr_ifindex == imr.imr_ifindex) 2564 break; 2565 } 2566 if (!pmc) /* must have a prior join */ 2567 goto done; 2568 msf->imsf_fmode = pmc->sfmode; 2569 psl = rtnl_dereference(pmc->sflist); 2570 if (!psl) { 2571 count = 0; 2572 } else { 2573 count = psl->sl_count; 2574 } 2575 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2576 len = flex_array_size(psl, sl_addr, copycount); 2577 msf->imsf_numsrc = count; 2578 msf_size = IP_MSFILTER_SIZE(copycount); 2579 if (copy_to_sockptr(optlen, &msf_size, sizeof(int)) || 2580 copy_to_sockptr(optval, msf, IP_MSFILTER_SIZE(0))) { 2581 return -EFAULT; 2582 } 2583 if (len && 2584 copy_to_sockptr_offset(optval, 2585 offsetof(struct ip_msfilter, imsf_slist_flex), 2586 psl->sl_addr, len)) 2587 return -EFAULT; 2588 return 0; 2589 done: 2590 return err; 2591 } 2592 2593 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2594 sockptr_t optval, size_t ss_offset) 2595 { 2596 int i, count, copycount; 2597 struct sockaddr_in *psin; 2598 __be32 addr; 2599 struct ip_mc_socklist *pmc; 2600 struct inet_sock *inet = inet_sk(sk); 2601 struct ip_sf_socklist *psl; 2602 2603 ASSERT_RTNL(); 2604 2605 psin = (struct sockaddr_in *)&gsf->gf_group; 2606 if (psin->sin_family != AF_INET) 2607 return -EINVAL; 2608 addr = psin->sin_addr.s_addr; 2609 if (!ipv4_is_multicast(addr)) 2610 return -EINVAL; 2611 2612 for_each_pmc_rtnl(inet, pmc) { 2613 if (pmc->multi.imr_multiaddr.s_addr == addr && 2614 pmc->multi.imr_ifindex == gsf->gf_interface) 2615 break; 2616 } 2617 if (!pmc) /* must have a prior join */ 2618 return -EADDRNOTAVAIL; 2619 gsf->gf_fmode = pmc->sfmode; 2620 psl = rtnl_dereference(pmc->sflist); 2621 count = psl ? psl->sl_count : 0; 2622 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2623 gsf->gf_numsrc = count; 2624 for (i = 0; i < copycount; i++) { 2625 struct sockaddr_storage ss; 2626 2627 psin = (struct sockaddr_in *)&ss; 2628 memset(&ss, 0, sizeof(ss)); 2629 psin->sin_family = AF_INET; 2630 psin->sin_addr.s_addr = psl->sl_addr[i]; 2631 if (copy_to_sockptr_offset(optval, ss_offset, 2632 &ss, sizeof(ss))) 2633 return -EFAULT; 2634 ss_offset += sizeof(ss); 2635 } 2636 return 0; 2637 } 2638 2639 /* 2640 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2641 */ 2642 int ip_mc_sf_allow(const struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2643 int dif, int sdif) 2644 { 2645 const struct inet_sock *inet = inet_sk(sk); 2646 struct ip_mc_socklist *pmc; 2647 struct ip_sf_socklist *psl; 2648 int i; 2649 int ret; 2650 2651 ret = 1; 2652 if (!ipv4_is_multicast(loc_addr)) 2653 goto out; 2654 2655 rcu_read_lock(); 2656 for_each_pmc_rcu(inet, pmc) { 2657 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2658 (pmc->multi.imr_ifindex == dif || 2659 (sdif && pmc->multi.imr_ifindex == sdif))) 2660 break; 2661 } 2662 ret = inet_test_bit(MC_ALL, sk); 2663 if (!pmc) 2664 goto unlock; 2665 psl = rcu_dereference(pmc->sflist); 2666 ret = (pmc->sfmode == MCAST_EXCLUDE); 2667 if (!psl) 2668 goto unlock; 2669 2670 for (i = 0; i < psl->sl_count; i++) { 2671 if (psl->sl_addr[i] == rmt_addr) 2672 break; 2673 } 2674 ret = 0; 2675 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2676 goto unlock; 2677 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2678 goto unlock; 2679 ret = 1; 2680 unlock: 2681 rcu_read_unlock(); 2682 out: 2683 return ret; 2684 } 2685 2686 /* 2687 * A socket is closing. 2688 */ 2689 2690 void ip_mc_drop_socket(struct sock *sk) 2691 { 2692 struct inet_sock *inet = inet_sk(sk); 2693 struct ip_mc_socklist *iml; 2694 struct net *net = sock_net(sk); 2695 2696 if (!inet->mc_list) 2697 return; 2698 2699 rtnl_lock(); 2700 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2701 struct in_device *in_dev; 2702 2703 inet->mc_list = iml->next_rcu; 2704 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2705 (void) ip_mc_leave_src(sk, iml, in_dev); 2706 if (in_dev) 2707 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2708 /* decrease mem now to avoid the memleak warning */ 2709 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2710 kfree_rcu(iml, rcu); 2711 } 2712 rtnl_unlock(); 2713 } 2714 2715 /* called with rcu_read_lock() */ 2716 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2717 { 2718 struct ip_mc_list *im; 2719 struct ip_mc_list __rcu **mc_hash; 2720 struct ip_sf_list *psf; 2721 int rv = 0; 2722 2723 mc_hash = rcu_dereference(in_dev->mc_hash); 2724 if (mc_hash) { 2725 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2726 2727 for (im = rcu_dereference(mc_hash[hash]); 2728 im != NULL; 2729 im = rcu_dereference(im->next_hash)) { 2730 if (im->multiaddr == mc_addr) 2731 break; 2732 } 2733 } else { 2734 for_each_pmc_rcu(in_dev, im) { 2735 if (im->multiaddr == mc_addr) 2736 break; 2737 } 2738 } 2739 if (im && proto == IPPROTO_IGMP) { 2740 rv = 1; 2741 } else if (im) { 2742 if (src_addr) { 2743 spin_lock_bh(&im->lock); 2744 for (psf = im->sources; psf; psf = psf->sf_next) { 2745 if (psf->sf_inaddr == src_addr) 2746 break; 2747 } 2748 if (psf) 2749 rv = psf->sf_count[MCAST_INCLUDE] || 2750 psf->sf_count[MCAST_EXCLUDE] != 2751 im->sfcount[MCAST_EXCLUDE]; 2752 else 2753 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2754 spin_unlock_bh(&im->lock); 2755 } else 2756 rv = 1; /* unspecified source; tentatively allow */ 2757 } 2758 return rv; 2759 } 2760 2761 #if defined(CONFIG_PROC_FS) 2762 struct igmp_mc_iter_state { 2763 struct seq_net_private p; 2764 struct net_device *dev; 2765 struct in_device *in_dev; 2766 }; 2767 2768 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2769 2770 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2771 { 2772 struct net *net = seq_file_net(seq); 2773 struct ip_mc_list *im = NULL; 2774 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2775 2776 state->in_dev = NULL; 2777 for_each_netdev_rcu(net, state->dev) { 2778 struct in_device *in_dev; 2779 2780 in_dev = __in_dev_get_rcu(state->dev); 2781 if (!in_dev) 2782 continue; 2783 im = rcu_dereference(in_dev->mc_list); 2784 if (im) { 2785 state->in_dev = in_dev; 2786 break; 2787 } 2788 } 2789 return im; 2790 } 2791 2792 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2793 { 2794 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2795 2796 im = rcu_dereference(im->next_rcu); 2797 while (!im) { 2798 state->dev = next_net_device_rcu(state->dev); 2799 if (!state->dev) { 2800 state->in_dev = NULL; 2801 break; 2802 } 2803 state->in_dev = __in_dev_get_rcu(state->dev); 2804 if (!state->in_dev) 2805 continue; 2806 im = rcu_dereference(state->in_dev->mc_list); 2807 } 2808 return im; 2809 } 2810 2811 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2812 { 2813 struct ip_mc_list *im = igmp_mc_get_first(seq); 2814 if (im) 2815 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2816 --pos; 2817 return pos ? NULL : im; 2818 } 2819 2820 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2821 __acquires(rcu) 2822 { 2823 rcu_read_lock(); 2824 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2825 } 2826 2827 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2828 { 2829 struct ip_mc_list *im; 2830 if (v == SEQ_START_TOKEN) 2831 im = igmp_mc_get_first(seq); 2832 else 2833 im = igmp_mc_get_next(seq, v); 2834 ++*pos; 2835 return im; 2836 } 2837 2838 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2839 __releases(rcu) 2840 { 2841 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2842 2843 state->in_dev = NULL; 2844 state->dev = NULL; 2845 rcu_read_unlock(); 2846 } 2847 2848 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2849 { 2850 if (v == SEQ_START_TOKEN) 2851 seq_puts(seq, 2852 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2853 else { 2854 struct ip_mc_list *im = v; 2855 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2856 char *querier; 2857 long delta; 2858 2859 #ifdef CONFIG_IP_MULTICAST 2860 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2861 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2862 "V3"; 2863 #else 2864 querier = "NONE"; 2865 #endif 2866 2867 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2868 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2869 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2870 } 2871 2872 delta = im->timer.expires - jiffies; 2873 seq_printf(seq, 2874 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2875 im->multiaddr, im->users, 2876 im->tm_running, 2877 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2878 im->reporter); 2879 } 2880 return 0; 2881 } 2882 2883 static const struct seq_operations igmp_mc_seq_ops = { 2884 .start = igmp_mc_seq_start, 2885 .next = igmp_mc_seq_next, 2886 .stop = igmp_mc_seq_stop, 2887 .show = igmp_mc_seq_show, 2888 }; 2889 2890 struct igmp_mcf_iter_state { 2891 struct seq_net_private p; 2892 struct net_device *dev; 2893 struct in_device *idev; 2894 struct ip_mc_list *im; 2895 }; 2896 2897 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2898 2899 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2900 { 2901 struct net *net = seq_file_net(seq); 2902 struct ip_sf_list *psf = NULL; 2903 struct ip_mc_list *im = NULL; 2904 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2905 2906 state->idev = NULL; 2907 state->im = NULL; 2908 for_each_netdev_rcu(net, state->dev) { 2909 struct in_device *idev; 2910 idev = __in_dev_get_rcu(state->dev); 2911 if (unlikely(!idev)) 2912 continue; 2913 im = rcu_dereference(idev->mc_list); 2914 if (likely(im)) { 2915 spin_lock_bh(&im->lock); 2916 psf = im->sources; 2917 if (likely(psf)) { 2918 state->im = im; 2919 state->idev = idev; 2920 break; 2921 } 2922 spin_unlock_bh(&im->lock); 2923 } 2924 } 2925 return psf; 2926 } 2927 2928 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2929 { 2930 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2931 2932 psf = psf->sf_next; 2933 while (!psf) { 2934 spin_unlock_bh(&state->im->lock); 2935 state->im = state->im->next; 2936 while (!state->im) { 2937 state->dev = next_net_device_rcu(state->dev); 2938 if (!state->dev) { 2939 state->idev = NULL; 2940 goto out; 2941 } 2942 state->idev = __in_dev_get_rcu(state->dev); 2943 if (!state->idev) 2944 continue; 2945 state->im = rcu_dereference(state->idev->mc_list); 2946 } 2947 spin_lock_bh(&state->im->lock); 2948 psf = state->im->sources; 2949 } 2950 out: 2951 return psf; 2952 } 2953 2954 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2955 { 2956 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2957 if (psf) 2958 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2959 --pos; 2960 return pos ? NULL : psf; 2961 } 2962 2963 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2964 __acquires(rcu) 2965 { 2966 rcu_read_lock(); 2967 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2968 } 2969 2970 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2971 { 2972 struct ip_sf_list *psf; 2973 if (v == SEQ_START_TOKEN) 2974 psf = igmp_mcf_get_first(seq); 2975 else 2976 psf = igmp_mcf_get_next(seq, v); 2977 ++*pos; 2978 return psf; 2979 } 2980 2981 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2982 __releases(rcu) 2983 { 2984 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2985 if (likely(state->im)) { 2986 spin_unlock_bh(&state->im->lock); 2987 state->im = NULL; 2988 } 2989 state->idev = NULL; 2990 state->dev = NULL; 2991 rcu_read_unlock(); 2992 } 2993 2994 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2995 { 2996 struct ip_sf_list *psf = v; 2997 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2998 2999 if (v == SEQ_START_TOKEN) { 3000 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 3001 } else { 3002 seq_printf(seq, 3003 "%3d %6.6s 0x%08x " 3004 "0x%08x %6lu %6lu\n", 3005 state->dev->ifindex, state->dev->name, 3006 ntohl(state->im->multiaddr), 3007 ntohl(psf->sf_inaddr), 3008 psf->sf_count[MCAST_INCLUDE], 3009 psf->sf_count[MCAST_EXCLUDE]); 3010 } 3011 return 0; 3012 } 3013 3014 static const struct seq_operations igmp_mcf_seq_ops = { 3015 .start = igmp_mcf_seq_start, 3016 .next = igmp_mcf_seq_next, 3017 .stop = igmp_mcf_seq_stop, 3018 .show = igmp_mcf_seq_show, 3019 }; 3020 3021 static int __net_init igmp_net_init(struct net *net) 3022 { 3023 struct proc_dir_entry *pde; 3024 int err; 3025 3026 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3027 sizeof(struct igmp_mc_iter_state)); 3028 if (!pde) 3029 goto out_igmp; 3030 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3031 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3032 if (!pde) 3033 goto out_mcfilter; 3034 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3035 SOCK_DGRAM, 0, net); 3036 if (err < 0) { 3037 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3038 err); 3039 goto out_sock; 3040 } 3041 3042 return 0; 3043 3044 out_sock: 3045 remove_proc_entry("mcfilter", net->proc_net); 3046 out_mcfilter: 3047 remove_proc_entry("igmp", net->proc_net); 3048 out_igmp: 3049 return -ENOMEM; 3050 } 3051 3052 static void __net_exit igmp_net_exit(struct net *net) 3053 { 3054 remove_proc_entry("mcfilter", net->proc_net); 3055 remove_proc_entry("igmp", net->proc_net); 3056 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3057 } 3058 3059 static struct pernet_operations igmp_net_ops = { 3060 .init = igmp_net_init, 3061 .exit = igmp_net_exit, 3062 }; 3063 #endif 3064 3065 static int igmp_netdev_event(struct notifier_block *this, 3066 unsigned long event, void *ptr) 3067 { 3068 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3069 struct in_device *in_dev; 3070 3071 switch (event) { 3072 case NETDEV_RESEND_IGMP: 3073 in_dev = __in_dev_get_rtnl(dev); 3074 if (in_dev) 3075 ip_mc_rejoin_groups(in_dev); 3076 break; 3077 default: 3078 break; 3079 } 3080 return NOTIFY_DONE; 3081 } 3082 3083 static struct notifier_block igmp_notifier = { 3084 .notifier_call = igmp_netdev_event, 3085 }; 3086 3087 int __init igmp_mc_init(void) 3088 { 3089 #if defined(CONFIG_PROC_FS) 3090 int err; 3091 3092 err = register_pernet_subsys(&igmp_net_ops); 3093 if (err) 3094 return err; 3095 err = register_netdevice_notifier(&igmp_notifier); 3096 if (err) 3097 goto reg_notif_fail; 3098 return 0; 3099 3100 reg_notif_fail: 3101 unregister_pernet_subsys(&igmp_net_ops); 3102 return err; 3103 #else 3104 return register_netdevice_notifier(&igmp_notifier); 3105 #endif 3106 } 3107